- Ledger, a maker of cryptocurrency wallets, is facing criticism for its recently introduced “Ledger Recover” feature.
- In summary, Ledger has introduced an identification-based key recovery service that securely stores users’ seed phrases.
- To utilize the service, users need to verify their identity by submitting a passport or national identity card.
Ledger, the hardware wallet manufacturer, seeks to address user concerns over a firmware update that allegedly compromises fund security compared to MetaMask. The company defends its new ‘Ledger Recover’ subscription service, assuring users of added reassurance if they misplace or forget their seed phrase.
Ledger XRP, a maker of cryptocurrency wallets, is defending its new “Ledger Recovery” feature in response to criticism of the product. Today during a Twitter space session, Ledger CEO Pascal Gauthier defended the new recovery option.
“You’re arguing that customers don’t want this. Actually, future clients desire this,” he remarked. “This is how the next hundreds of millions of individuals will actually adopt cryptocurrency.”
The encrypted fragments of the seed phrase will be entrusted to three custodial entities: Ledger, Coincover, and another third-party provider. However, some users express concerns about relying on the security measures implemented by these companies.
In contrast to web-based “hot wallets’ ‘ like MetaMask and custodial exchanges such as Coinbase and Binance, hardware wallets are widely regarded as the most secure method to store cryptocurrencies.
During wallet setup, users receive a random sequence of words known as a seed phrase, which serves as a secret recovery key. It is recommended to write down the phrase and store it in a secure location. Critics argue that entering the seed phrase into a connected device exposes it to potential internet risks, contradicting the primary rule of safeguarding coins.
To address these concerns, Ledger has taken steps to alleviate fears. According to Charles Guillemet, the company’s CTO, there is no “back door” access for Ledger or its trusted providers to obtain complete seed phrases. The service is deemed completely risk-free, with Guillemet asserting that even highly skilled hackers would not have access to the phrases.
Ledger’s recent introduction of its key recovery feature has not been effectively communicated to some participants in the cryptocurrency ecosystem. Critics argue that this service undermines the core advantage of hardware wallets by granting external entities access to an encrypted key, even if it is divided into smaller fragments. The requirement for identification as part of the service has raised concerns about potential violations of cryptographic privacy standards.
Prominent figures in the crypto community, including Mudit Gupta, the Chief Information Security Officer of Polygon Labs, have expressed strong reservations, labelling it a “terrible idea.”
Binance CEO Changpeng Zhao also questioned Ledger’s approach, highlighting that the feature contradicts the principle of “your keys never leave the device.”